India’s draft data protection bill released in July by the Justice B.N. Srikrishna committee is the most recent contribution to a sprawling debate over electronic data that has been going on in India and elsewhere for some years now.

While the Srikrishna committee report raises legitimate concerns about the protection of personal data, the suggested bill proposes a requirement for data localisation as a remedy – a directive that personal data about residents of India be stored, in some cases exclusively, in India. Other proposals in the past few years include an e-commerce policy that tiptoes up to the edge of localisation; a Cloud Working Group report that proposes localising any data generated in India; and payments rules promulgated by the Reserve Bank of India that would make it nearly impossible for residents of, or even visitors to, India to use credit cards.

This poses two problems: Localisation may not, in fact, protect privacy; and the various proposals under consideration could do great collateral damage to Indian businesses – small and large.